How I use Cloudflare Zero Trust - Tunnels - to host this blog
Cloudflare tunnels are a secure and convenient way to connect your web applications to Cloudflare’s network without exposing your servers directly to the internet. With Cloudflare tunnels, you can hide your web server IP addresses, avoid piercing your firewall with port forwards, block direct attacks, and benefit from Cloudflare’s performance and security features.
This post is a short teaser on how to use Cloudflare tunnels to host your web applications, configuring the tunnel manually in the Cloudflare web interface and running it from a Docker image.
What are Cloudflare tunnels?
Cloudflare tunnels are outbound-only connections that are established by a lightweight daemon called cloudflared. This daemon runs on your web server or any other machine that can access your web applications. It creates an encrypted tunnel between your web server and Cloudflare’s nearest data centre and routes all the traffic through it.
Cloudflare tunnels have several advantages over traditional web application hosting methods, such as port forwarding or using public IP addresses. Some of these advantages are:
- You don’t need to open public inbound ports on your web server or firewall. This means you can avoid exposing your web server to potential attacks, such as DDoS, data breaches, or brute force login attempts.
- You don’t need to manage or update your DNS records. Cloudflare tunnels automatically generate a random hostname for your web applications, such as example123.trycloudflare.com, or you can use your custom domain name if you have one. This blog is one of those custom domains.
- You can use Cloudflare’s features, such as caching, load balancing, SSL encryption, firewall rules, analytics, and more, to optimize and secure your web applications. However, not all of them are available in the free tier.
- You can use Cloudflare Access, a zero-trust access solution, to control who can access your web applications. You can authenticate users by major identity providers, such as G Suite, Okta, or GitHub, and enforce granular policies based on user attributes, device posture, or location. An example is https://ittools.lealdasilva.com (only sending token emails to specific authorised addresses, so you won't get one 🛂).
How to set up Cloudflare tunnels
To set up Cloudflare tunnels, you need to have the following:
- A Cloudflare account and a zone (domain name) that you want to use for your web applications.
- A web server or a machine that can access your web applications. This can be a local machine, a virtual machine, a container, or any other type of infrastructure. In my case, I run a Docker container.
- A Docker image that contains the cloudflared daemon and your web applications. You can use Cloudflare's official Docker image.
The steps to set up Cloudflare tunnels are as follows:
- Log in to your Cloudflare account and go to the Tunnels tab under the Traffic section. Click on Create Tunnel and give the tunnel a name, such as home-tunnel.
- Click on the Docker option as in the image below:
- Run the command shown in the next screen on your Docker host (remember this host needs internal access to your web application(s)). You can copy the command as is, but I suggest adding the -d switch and --restart always (as per the example below the picture).
docker run -d --restart always cloudflare/cloudflared:latest tunnel --no-autoupdate run --token aoishdlauydiuaysdiuayhsdlkuhasdiuhakudshlauhdlkauhdlkauhdlkjahdlkjahdlkjahdlkjahdlkjahdlkjahdlkjahds
- Return to the Cloudflare dashboard and click Configure next to your tunnel name. You can choose to use a random hostname, such as example123.trycloudflare.com, or a custom hostname, such as blog.lealdasilva.com, for your web applications. You can also configure other settings for your web applications, such as caching, SSL, firewall, and more.
- Once configured with your hostname, you can access your web applications through the Cloudflare network. You can also use Cloudflare Access to restrict access to your web applications based on your preferences.
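The docker run command in the steps above puts the tunnel token on the command line, where it ends up in shell history and the process list. The script below is an added example, not part of the original post: it starts the same container but hands the token to cloudflared through the TUNNEL_TOKEN environment variable from an owner-only env file. The env-file path, container name and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The env-file path, container
# name and function names are assumptions made for illustration.

# Store the token in an env file that only its owner can read.
write_token_env() {
    env_file=$1
    token=$2
    # Assumed token alphabet: base64 characters. Reject empty values and
    # anything (spaces, newlines, quotes) that would corrupt the env file.
    case $token in
        ''|*[!A-Za-z0-9_=+/-]*) echo "invalid token" >&2; return 1 ;;
    esac
    ( umask 077 && printf 'TUNNEL_TOKEN=%s\n' "$token" > "$env_file" ) &&
        chmod 600 "$env_file"
}

# Same container as in the post, but cloudflared reads the token from the
# TUNNEL_TOKEN environment variable, so no --token argument is needed.
# $1 = env file, $2 = container name.
start_tunnel() {
    docker run -d --restart always --name "$2" --env-file "$1" \
        cloudflare/cloudflared:latest tunnel --no-autoupdate run
}

# Exit status 0 if the container was started with --token on its command
# line, i.e. the token shows up in `ps` and `docker ps --no-trunc`.
token_on_cmdline() {
    docker inspect --format '{{json .Config.Cmd}}' "$1" | grep -q -- '--token'
}

# Only act when invoked as: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then
    # Read the token without echoing it or leaving it in shell history.
    printf 'Tunnel token: ' >&2
    stty -echo; IFS= read -r tok; stty echo; echo >&2
    write_token_env "$HOME/.cloudflared-tunnel.env" "$tok" || exit 1
    start_tunnel "$HOME/.cloudflared-tunnel.env" cloudflared-tunnel || exit 1
    if token_on_cmdline cloudflared-tunnel; then
        echo "token is on the container command line" >&2; exit 1
    fi
fi
```

The token is still readable through docker inspect by anyone with access to the Docker daemon, so treat that access as equivalent to holding the token.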
Conclusion
Cloudflare tunnels are a great way to host your web applications without exposing your servers directly to the internet. You can use Cloudflare tunnels to host private and public applications and take advantage of Cloudflare’s performance and security features. You can also use Cloudflare Access to control who can access your web applications.
In this post, I gave a short teaser on how to use Cloudflare tunnels to host your web applications, configuring the tunnel manually in the Cloudflare web interface and running it from a Docker image.
I hope you found this post valuable and informative. If you have any questions or feedback, please contact me on LinkedIn, and I will happily tell you more about how to set up a similar flow.
You can also read more about it on: